CentOS7.0防火墙Firewalld和服务相关配置

centos 7.0版本之后相对于以前的版本更改行还是很大的，原先在6.5版本之前命令和配置文件大致都差不多，自7.0版本之后一些功能都有较大的改变，接下来会从防火墙和服务的相关配置来进行剖析。

成都创新互联服务项目包括广元网站建设、广元网站制作、广元网页制作以及广元网络营销策划等。多年来，我们专注于互联网行业，利用自身积累的技术优势、行业经验、深度合作伙伴关系等，向广大中小型企业、政府机构等提供互联网行业的解决方案，广元网站推广取得了明显的社会效益与经济效益。目前，我们服务的客户以成都为中心已经辐射到广元省份的部分城市，未来相信会继续扩大服务区域并继续获得客户的支持与信任！

（一）防火墙firewall的相关介绍及配置
CentOS 7中防火墙是一个非常的强大的功能，在CentOS 6.5中在iptables防火墙中进行了升级了。(he dynamic firewall daemon firewalld provides a dynamically managed firewall with support for network “zones” to assign a level of trust to a network and its associated connections and interfaces. It has support for IPv4 and IPv6 firewall settings. It supports Ethernet bridges and has a separation of runtime and permanent configuration options. It also has an interface for services or applications to add firewall rules directly-----官方文档)
firewall--区域zone
网络区域定义了网络连接的可信等级。这是一个 一对多的关系，这意味着一次连接可以仅仅是一个区域的一部分，而一个区域可以用于很多连接。那个区域是否可用室友firewall提供的区域按照从不信任到信任的顺序排序。

firewall 分类
Firewalls can be used to separate networks into different zones based on the level of trust the user has decided to place on the devices and traffic within that network. NetworkManager informs firewalld to which zone an interface belongs. An interface’s assigned zone can be changed by NetworkManager or via the firewall-config tool which can open the relevant NetworkManager window for you.
The zone settings in /etc/firewalld/ are a range of preset settings which can be quickly applied to a network interface. They are listed here with a brief explanation:
drop
Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.
block
Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated from within the system are possible.
public
For use in public areas. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.
external
For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.
dmz
For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.
work
For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
home
For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
internal
For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.
trusted
All network connections are accepted.
It is possible to designate one of these zones to be the default zone. When interface connections are added to NetworkManager, they are assigned to the default zone. On installation, the default zone in firewalld is set to be the public zone.

注意：目录中存放定义好的网络服务和端口参数，系统参数，不能修改。

firewall常用命令：
1，重启，关闭开启firewall.service服务

相关PDF文档可以到主机宝贝资源站下载：

具体下载目录在 /2017年资料/4月/20日/CentOS 7.0防火墙Firewalld和服务相关配置/

文章名称：CentOS7.0防火墙Firewalld和服务相关配置
文章来源：http://www.shufengxianlan.com/qtweb/news42/513792.html

网站建设、网络推广公司-创新互联，是专注品牌与效果的网站制作，网络营销seo公司；服务项目有等

广告

声明：本网站发布的内容（图片、视频和文字）以用户投稿、用户转载内容为主，如果涉及侵权请尽快告知，我们将会在第一时间删除。文章观点不代表本网站立场，如需处理请联系客服。电话：028-86922220；邮箱：631063699@qq.com。内容未经允许不得转载，或转载时需注明来源： 创新互联